Device Drivers
Device drivers are essential for any IoT device. This section outlines how to write device drivers, how driver signing works in Windows IoT Enterprise (which differs from traditional client signing), and how to add device drivers to images.
How to Write Device Drivers
Windows contains built-in drivers for many device types. If there's a built-in driver for your device type, you don't need to write your own driver; your device can use the built-in driver. However, if you need to write a device driver for your device, use the programming reference for the Windows Driver Kit (WDK).
ARM64 Device Drivers
IoT devices with ARM64 processors need drivers that are built specifically for the ARM64 architecture. Many of the same built-in drivers in the x64 version of Windows IoT Enterprise are included in the ARM64 version of Windows IoT Enterprise. ARM64 processor and/or board vendors provide the additional ARM64 drivers that their boards need to function correctly in Board Support Packages (BSPs). In addition, many device vendors also provide drivers for their devices through either Windows Update or third-party support channels.
If you need to write an ARM64 device driver for your device, follow the ARM64 driver development documentation for building ARM64 drivers with the Windows Driver Kit (WDK).
Kernel Mode Device Driver Signing
Windows IoT Enterprise shares the same kernel mode driver signing policy as Windows, requiring each kernel mode driver to be digitally signed by a trusted source before it can be loaded.
Test-Signed Drivers
Test-signed drivers are drivers that are digitally signed by a test certificate and are used during driver development and testing.
In order for a test-signed driver to be loaded, the TESTSIGNING option must be enabled in the Windows Boot Configuration Database, and the test certificate used to test-sign the driver must be installed into the certificate store of the system.
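A pre-production check for the condition described above, as an added example that is not part of the original page or Microsoft's own code: it reports whether TESTSIGNING is on in the current boot entry and lists kernel drivers whose signature does not validate. The function names are hypothetical, and it assumes an elevated PowerShell session with English-language bcdedit output.

```powershell
# Added example, not from the original page. Run from an elevated PowerShell prompt.
# Function names are hypothetical; assumes English-language bcdedit output.

function Test-TestSigningEnabled {
    param([string[]]$BcdLines)
    # bcdedit lists "testsigning   Yes" in the boot entry when the option is on.
    return @($BcdLines | Where-Object { $_ -match '^\s*testsigning\s+Yes\s*$' }).Count -gt 0
}

function Get-DriverSignatureReport {
    # Enumerate installed kernel drivers and check each binary's signature.
    Get-CimInstance Win32_SystemDriver |
        Where-Object PathName |
        ForEach-Object {
            # Some entries carry an NT object-manager prefix (\??\) before the path.
            $path = $_.PathName -replace '^\\\?\?\\', ''
            $sig  = Get-AuthenticodeSignature -LiteralPath $path -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Driver = $_.Name
                Path   = $path
                Status = if ($sig) { $sig.Status } else { 'Unreadable' }
                Signer = $sig.SignerCertificate.Subject
            }
        }
}

# Constructed sample showing what a development image's boot entry looks like.
$sample = 'Windows Boot Loader',
          'identifier              {current}',
          'testsigning             Yes'
"Sample (constructed) flagged: $(Test-TestSigningEnabled $sample)"

# Live check against the running system.
$live = & bcdedit.exe /enum '{current}'
if ($LASTEXITCODE -ne 0) { throw 'bcdedit failed; run from an elevated prompt.' }
if (Test-TestSigningEnabled $live) {
    Write-Warning 'TESTSIGNING is enabled: test-signed kernel drivers can load on this image.'
}

# Anything listed here has a signature that is missing, untrusted, or invalid.
Get-DriverSignatureReport | Where-Object Status -ne 'Valid' | Format-Table -AutoSize
```

On an image intended for production, the expectation is no warning, and any driver that appears in the table needs to be explained before the image ships.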
Production-Signed Drivers
When you're ready to go into production, there are two ways to get your driver production-signed by Microsoft. The first is the traditional client signing process and the second is attestation signing.
Traditional Client Signing
For typical traditional client signing, if you're unfamiliar with the device and driver installation process, we recommend that you start by reviewing Roadmap for Device and Driver Installation. You may also want to read Overview of Device and Driver Installation for a high-level overview of this process and its components.
Attestation Signing
Follow this article to learn how attestation signing works for a kernel driver for public release.
Note
When a driver receives attestation signing, it is not Windows Certified. An attestation signature from Microsoft indicates that the driver can be trusted by Windows, but because the driver has not been tested in HLK Studio, there are no assurances made around compatibility, functionality, etc. In addition, attestation-signed drivers do not get published on Windows Update.
How to Add Device Drivers to Images
With Windows IoT Enterprise, you can add device drivers to a Windows image before, during, or after you deploy the image. When planning how to add drivers to your Windows deployment, it's important to understand how driver folders are added to the image, how driver ranking affects deployment, and the digital signature requirements for drivers. To understand more about how to add drivers, check out the following article, Device Drivers.